You are here

PDA seeks compensation for 600 pharmacists affected by Well data leak

Well: A number of changes have been made to our processes to ensure all data is safe

The Pharmacists’ Defence Association (PDA) is pursuing a compensation claim on behalf of “close to” 600 members affected by a data leak at Well Pharmacy.

In December 2018, Well said it was “truly sorry” after a document – which included names, addresses, phone numbers, email addresses and some payroll numbers of 24,099 employees and locums – was sent as an email attachment to an undisclosed number of Well locums.

In a statement this morning (March 13), the PDA said it “had been asked by affected members to start a claim on their behalf against Well and [is] currently gathering information to progress this”.

“In just over 24 hours, we have had close to 600 pharmacists register their interest in pursuing a claim against Well,” it told C+D.

“Each affected pharmacist may be entitled to compensation, possibly ranging from hundreds to the low thousands of pounds, depending on individual circumstances and facts,” the PDA claimed.

PDA director of defence services Mark Pitt said: “Well has informed us that the email was sent to 1,050 people, of whom 376 were potentially able to access the spreadsheet.”

The data breach “may be relevant to pharmacists that have ever worked for, or provided locum services to Well (or a predecessor company) since at least as far back as 2003”, the PDA also claimed.

Well “working with the PDA”

Well transformation director and senior information risk owner Chris Ellett told C+D the multiple has been “working with the PDA to ensure information about the data breach is correct”.

“We continue to work with the Information Commissioner’s Officer in respect of the breach, and have been transparent about the findings of our investigation,” Mr Ellett said.

“Both data and information security are taken very seriously at Well, and we are sorry this has happened. A number of changes have been made to our processes to ensure all data is safe and secure,” he added.

Interleukin -2, Community pharmacist

John Smith, Academic pharmacist

Posted on Fri, 15/03/2019 - 19:04

Questions:

1. What’s the effect of locum rates on this, if a locum agency or business has got hold of the spreadsheet? Could they “shop around” for cheaper locums in the vicinity and start cancelling people’s contracts?

2. Well said the data may be up to 7 years old. The PDA seems to be saying it dates back to at least 2003?

3. What makes someone an “unreliable locum”? What other data does Well hold that it isn’t sharing?

4. “Datix feedback” - so is Well saying the Locum is a Patient Safety risk?

5. What are the security risks to people now that Well’s list of keyholders has been leaked?

6. Well sent out an email saying that names, addresses, phone numbers, email addresses and some payroll numbers were shared (as above). When people queried it, it told them by email "Only the detail stated in our recent email was shared." However, the PDA website says "There were 68 columns of data, with an average of 28 columns completed per person."

John Smith, Academic pharmacist

Whether or not the pharmacist will work with an ACT, the distance they’re willing to travel and what services they can provide

A column entitled “Reason for Inactivation” including almost 6,000 entries, which could potentially have the unintended consequence of amounting to a “blacklist” of individuals. This is denied by Well, who say that at no time has it ever operated a “blacklist” or would ever consider such improper practice.

34 different “Reasons for Inactivation” for individuals, which it appears could be selected from a defined list. The reasons used include the following:

Being Investigated speak to PST

Business Risk

Ex-employee – dismissed

Health Concerns

Maternity leave

Branch feedback

RDM feedback

Inappropriate behaviour [it is not known what this is based on]

Fitness to Practice Issue [Well has stated this was captured from the GPhC website]

Datix feedback

Don’t use in busy branches

Payment Rates/Overclaiming

Unreliable Locum (ORPD)

Details of whether a person is a key holder, has CRB clearance, or has religious requirements (Yes or No fields)

A free type comment field including comments made about 500 of the people on the spreadsheet.

Farmer Cyst, Community pharmacist

Posted on Thu, 14/03/2019 - 12:42

How do I find out if I was affected? I get loads of adverts for penis enlargement products and initially I assumed it was because someone had hacked my Snapchat but now I'm thinking maybe it's all Well Pharmacy fault?